Linux Firewall Part 3: Selecting Your Hardware


Selecting your hardware

As mentioned in the previous segment, you can create a professional-level firewall using old hardware that you would otherwise throw away. Some people may choose to purchase new dedicated hardware, which can have several advantages. Either way, you can create a hardware firewall that costs significantly less than the $1000-$3000 that professional hardware devices can cost.

Network cards
For a basic firewall, you’ll need at least 2 network cards (one for the Red network, and another for the Green network).  If you want to add a DMZ, then you’ll need an additional network card.

For the wired network cards, you don’t need anything more than 100Mbit on the Red and Orange networks, since even the fastest of Internet connections is 20Mbit. These are minimum recommendations for building a firewall out of spare parts that you already have lying around. If you’re buying new hardware, go ahead and do all Gigabit.

This Jetway board has expansions for three more network ports

If you want to add a Blue network into the mix, then you’ll need a regular wired network card with a wireless access point attached to it.  It is not recommended to use a wireless card directly, because your particular card might not be supported, and upgradability is limited.  Connect a wireless access point with the minimum wireless technology you want to support, like 802.11g or 802.11n.  That way you can always upgrade to the next wireless technology without ever opening your firewall.

The selection of your PC case is really all about how satisfied you want to be with this project.  If you are going full-blown mini-ITX, then you can choose from some really cute tiny boxes and an external power brick.  There are also some 1U rack-mountable cases that are perfect for mini-ITX motherboards, but I wouldn’t recommend this unless you are hosting several webservers and are protecting a small server farm. These cases are just fine if you want to build a basic firewall and don’t need many extras like CD-ROM drives or full-sized hard drives.

i-Star 2U Rack-mountable Case

I did try a very cheap 1U case, but believe it or not the ITX motherboard didn’t fit right in it… so if you go with 1U, make sure the case is compatible with the motherboard you choose.

Another consideration for a special ITX case is this: what if the power supply breaks?  Your firewall is the biggest single point of failure for your network.  These small cases require special power supplies, and unless you have a spare on hand then you’re going to be down until you find a replacement.

I chose an i-Star 2U case primarily because they are good and inexpensive. I also want plenty of airflow, an attached DVD drive, a full-size internal power supply, and two full-sized 80GB hard drives in RAID 1. Since all of this equipment will only draw about 50 watts of power, any regular power supply should be around 90% efficient, so it won’t produce the heat you might expect.

